This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Created attachment 141953 [details] netbeans 7.4: $variable = $_POST['firstname']; produces a warning Hi I would like to report what I think is a bug. If make a variable to for example capture a user's input then I get a warning from the editor: Which says: "Do not Access Superglobal $_POST Array directly" "Use some filtering functions instead (e.g filter_input(), conditions with is_* () functions, etc.). I have talked with others and they tell me that this isn't an appropriate warning and that I should file a bug report, which is what I'm doing ! Also, I'm told that this behaviour doesn't exist in Netbeans 7.3.1, which only add to my suspicion that this is infact a bug or at least odd behaviour.
It's an intent. You should never ever access superglobals directly. For security reasons. Just google that. There are also PHP native functions to filter that arrays and to work with 'em securely - e.g. filter_input(). If you don't want to use that hint, just disable it. But it's *hardly* recommended to follow it.
It's a new hint in 7.4 so it can't be in 7.3.1 ;) You can disable hints in Tools->Options->Editor->Hints->PHP.
(In reply to Ondrej Brejla from comment #2) > It's a new hint in 7.4 so it can't be in 7.3.1 ;) You can disable hints in > Tools->Options->Editor->Hints->PHP. Hi Ondrej Thank you for clarifying - I'll forward your reply to others in order to help with avoiding that bugzilla gets flooded with similar bug reports. As a side remark I would like to say that I find this warning solution a bit odd and wonder if it wasn't possible to create something which didn't "interfere" with the clean view the editor normally has - an interface with no warnings usually means that one is good to go, besides, if this issue (e.g the lack of a warning) hasn't been a problem before, then I find it strange that there has arisen a need to have this all of a sudden.
(In reply to Neobean from comment #3) > if this issue (e.g the lack of a warning) hasn't been a problem before It was a *big* security problem all the time, but probably you didn't know that. Now we implemented a hint, which warns you that your code is not secure. You figured it out that't great! Mission accomplished. Our hint helped you to write more secure code. Win/win :)
I am here for the share this nice post looking here http://gethelpwindows10.com and seen the microsoft windows 10 help support to connect the latest version.